SuperContainer and web hosting?

[labyrinthian]

We are thinking of moving our FMP database w SuperContainer to a web hosting service; currently we are just using it on our local machines. As I understand it, the security for the hosted database will be the user log-ins and passwords. Forgive me if this is a dumb question, but would all of our SuperContainer documents be unprotected and accessible to the whole web? I know that no one is probably interested in digging around what we have in our DB, but how secure are SC files that are hosted online?

Again, please forgive the newbie question. I'd appreciate any thoughts on this.

[BrentHedden]

This is a very good and valid question. Under a web interface, it would be difficult or near impossible for someone to be able to access the file(s) directly, especially if they are placed outside of the website's root file directory. Unless there is FTP access enabled, then only if the setup is sloppily done with no real security.

One good piece of advice that I can give you with using SuperContainer and the web - since the S.C. interface uses a 'web address' to pull the file and display it on the web browser, DO NOT use a sequencial number to identify your files. The reason is that if someone was paying even slight attention, they would notice that the web address will display the ID of the file, like this -

http://www.myfilehoster.com/supercontainer/PDFs/1024/

Nothing is stopping them from manually typeing in the address bar

http://www.myfilehoster.com/supercontainer/PDFs/1025/

http://www.myfilehoster.com/supercontainer/PDFs/1026/

and so on to view documents/pictures you didn't intend for them to see. Use a highly unique identifyer instead, like a UUID. It'll really give a long address, but it'll make it near impossible for someone to "guess" an address.

[labyrinthian]

Thank you, this is extremely helpful and clarifies a lot!

[ooparah]

This is a very good and valid question. Under a web interface, it would be difficult or near impossible for someone to be able to access the file(s) directly, especially if they are placed outside of the website's root file directory. Unless there is FTP access enabled, then only if the setup is sloppily done with no real security. One good piece of advice that I can give you with using SuperContainer and the web - since the S.C. interface uses a 'web address' to pull the file and display it on the web browser, DO NOT use a sequencial number to identify your files. The reason is that if someone was paying even slight attention, they would notice that the web address will display the ID of the file, like this - http://www.myfilehoster.com/supercontainer/PDFs/1024/ Nothing is stopping them from manually typeing in the address bar http://www.myfilehoster.com/supercontainer/PDFs/1025/ http://www.myfilehoster.com/supercontainer/PDFs/1026/ and so on to view documents/pictures you didn't intend for them to see. Use a highly unique identifyer instead, like a UUID. It'll really give a long address, but it'll make it near impossible for someone to "guess" an address.

Wonderful answer Brent! I would like to use your answer in our Product Support wiki, accessible here.

Let me know if this is alright with you,